The role of a health care entity’s governing board in the implementation and oversight of a compliance program is not always clear. Although board members are not often directly involved in care delivery, the Department of Health and Human Services’ Office of the Inspector General (OIG) views the governing board as integral to setting the tone for an organization’s compliance and oversight culture. To help the organizational leadership of health care entities understand how to oversee these compliance functions, the OIG, in collaboration with the Association of Healthcare Internal Auditors (AHIA), the American Health Lawyers Association (AHLA), and the Health Care Compliance Association (HCCA), has now published “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (the “Guidance”).
The Guidance was developed through a landmark collaboration between government and private organizations representing key professionals in the health care compliance and integrity industry. First, the Guidance provides helpful distinctions between five essential functions that a robust compliance program should incorporate.
- Compliance: to promote the “prevention, detection, and resolution” of identified issues that present risk under applicable laws, regulations, policies, or business standards.
- Legal: to provide advice to the organization to address legal risks and help determine appropriate responses to potential and actual violations.
- Internal Audit: to objectively assess “risk and internal control systems” (often data-based) used to evaluate the organization’s vulnerabilities and facilitate easy detection of compliance issues.
- Human Resources: to manage “the recruiting, screening, and hiring of employees” who ultimately would have compliance-related responsibilities.
- Quality Improvement: to review the clinical processes of the organization in view of patient needs, safety, and efficiency.
Then, the remainder of the 19-page Guidance includes references to other OIG publications, regulatory commentary, and external resources on board governance, compliance responsibilities, and fiduciary obligations. The overall substance of the Guidance provides educational information on the role of health care governing boards in compliance oversight, including the following takeaways:
- A governing board should expect to be involved in compliance oversight responsibilities, such as providing input on the appropriate size and structure of its organization’s compliance framework.
- A governing board should have access to the right personnel, information, and technology to appropriately understand the fraud and abuse risks of their health care operations, as well as the strengths and weaknesses of the organization’s compliance and audit capabilities.
- A governing board should make sure that employees, managers, and executives are accountable to the organization for the execution of the compliance program, particularly through evaluating awareness and responsiveness to identified compliance issues.
- A governing board should facilitate an environment that encourages regular reporting of compliance concerns, such as through “executive sessions,” dashboard updates, and other tracking systems outside of the auditing function.
Overall, the Guidance implies that boards should understand the equal importance of each function in promoting the compliance of an organization. For instance, the OIG maintains that the compliance and legal officers within an organization should work on equal footing and not be subordinate to each other. But the Guidance also indicates that health care organizations should not create an environment where human resources functions conflict with the compliance functions.
Because health care fraud enforcement actions against individual executives should be at the forefront of every health care organization’s priorities this resource is extremely important in the current environment. At a Taxpayers Against Fraud conference last fall, Assistant Attorney General Leslie Caldwell stated that “[c]ases involving fraud by executives at health care providers such as hospitals are also a high priority for [the Department of Justice], and a growing part of our [Medicare] strike force docket.” Therefore, the Guidance should serve as a core educational resource for health care governing boards, their managing employees, and in-house counsel.